Thursday, 1 August 2013

Up to 10,000 requests for information made annually
in Ireland - compared with just 326 for Austria

Irish authorities made 27 times as many requests
for people’s stored phone and internet use data compared to law enforcement
agencies in comparably sized Austria,
according to submissions to the European Court of Justice (ECJ) in Luxembourg.

The information was supplied in a day-long
hearing on July 9th by parties to an ECJ case which is considering the legality
of the European Data Retention Directive (2006/24/ EC), which allows member
states to store data on daily call and internet activity for the EU’s 500
million residents.

The case originates in a challenge to the
constitutionality of Ireland’s data-retention laws, taken by privacy advocates
Digital Rights Ireland.
The case was referred by the Irish High Court
to the ECJ.

Ireland, which stores Irish residents’ landline
and mobile call access data, as well as some data related to internet usage,
for two years, told a panel of ECJ judges that “6,000 to 10,000” requests were
made annually under Irish law.

The directive limits the use of such data to
combating serious crime and terrorism.

Retention statistics
Counsel representing Austria said authorities there had made 326 requests for
data in a recent one-year period.

The UK refused to disclose figures at the
hearing.

It is not clear to what the figure of “6,000 to
10,000” requests presented by Irish counsel to the ECJ refers.

According to statistics released in a 2012 European
Commission report by member states on data requests made in 2010,
and cited at the hearing as evidence in support of the directive’s
implementation, Irish authorities – comprising the Garda, Revenue Commissioners
or Defence Forces – made 14,928 data orders.

The Department of Justice released 2011 figures
last week, confirming 12,675 data requests.

Asked this week by The Irish Times to
clarify whether the figures presented were an average or if they referred to as
yet unreleased 2012 data request figures, a spokesman for the Department of
Justice said: “The communications data retention statistics for Ireland for
2012 are in the order of 9,000 requests.”

The spokesman declined to offer further detail
on the nature of the requests, stating: “It is not the practice nor would it be
in the public interest to go into further detail of the provision of the data
to the relevant authorities.”

Asked whether Ireland had a much higher rate of
serious crime than Austria, the department responded: “The operation of data
retention regimes in other EU member states is a matter for the authorities of
those states.”

The European Court of Justice is focused on
whether the European Union’s Data Retention Directive, which allows states to
choose a retention period of six months to two years, represents a proportional
approach to ensuring that some call and internet data are available for law
enforcement and security needs.

Data requests

Unusual for the ECJ, the hearing concentrated on human rights aspects of data
retention, in particular how the directive fits with articles 7 and 8 of the
Charter of Fundamental Rights of the European Union.

According to the European Commission’s 2010
study, for those countries that supplied (often incomplete) information, the
vast majority of data requests were made within the first three months of the
data being created, and most of the remainder in the first six months.

The body representing childcare providers has said it is “outrageous” for
personal information on staff to be posted online as part of the publication of
HSE
inspection reports.

Staff References

The HSE said it was unable to respond yesterday evening to a query about the
posting of the staff references. The Data Protection Commissioner was unable to
say if the postings were a data breach. The report on Clifden Community
Playgroup had been taken off the pobal.ie website last night.

Character references for three staff at Clifden
Community Playgroup in Co Galway were included in a report posted online. The
references were sent into the HSE by the playgroup following an inspection in
May 2012 when it was told references for all staff had to be made available.

The inspection report was posted online in
recent days by the HSE and it included, as it often does, the reply of the
childcare provider indicating changes made after concerns were raised. But in
the case of the Clifden Community Playgroup it also included the character
references of three staff which the playgroup sent in.

“It is outrageous that references would be put
up online. It is simply not fair if they are putting up personal information,”
said Irene Gunning,
chief executive of Early Childhood
Ireland, which represents the majority of creches and childcare
providers.

The HSE began posting the creche reports online
earlier this month in a move to make the childcare system more transparent for
parents. It follows an RTÉ documentary in June which highlighted mistreatment
of children at three creches.

So far, reports for childcare providers in four
counties have been posted online – Limerick, Mayo, Clare and Galway. Many
reports show creches and childcare providers do not have adequate records for
staff in relation to Garda vetting and references. Early Childhood Ireland has
said delays of 12 weeks for getting Garda vetting makes it difficult for
childcare providers to be compliant on this.

Galway reports, which were posted up late last
week and yesterday, highlight infrastructure deficiencies in some creches, including
broken toilet seats, peeling paint and mould.